Network Traffic Analysis has been rapidly evolving to counter the increased sophistication of threats experienced by organizations worldwide. Test methodologies and tools are not yet available which provide security professionals with the ability to test how well the products currently on the market perform.
Awake Security has partnered with the Tolly Group and a current Darktrace customer to develop and execute just such a test and has published a report detailing the methodology and the results.
The test report is focused on the following areas:
- Details of the test methodology and tools used to evaluate an NTA solution.
- The accuracy of the solutions at detecting post-exploit malicious behavior.
- The ratio of accurate and actionable alerts to noisy, generic alerts.
- An evaluation of the tools provided to validate that alerts are truly malicious.
The results of the report provide a revealing snapshot into how different approaches to the problem of detecting malicious activity deliver different results. Equally as important is the examination and presentation of the challenges involved with accurately testing intelligent, self-learning behavioral solutions in the real-world.